CVE-2010-1029

Publication date 19 March 2010

Last updated 24 July 2024


Ubuntu priority

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.

Read the notes from the security team

Status

Package Ubuntu Release Status
chromium-browser 10.10 maverick Ignored end of life
10.04 LTS lucid Ignored end of life
9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper Not in release
qt4-x11 10.10 maverick
Not affected
10.04 LTS lucid
Not affected
9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid Ignored end of life, was needs-triage
8.04 LTS hardy
Not affected
6.06 LTS dapper
Not affected
webkit 10.10 maverick
Not affected
10.04 LTS lucid
Not affected
9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid Ignored end of life, was needs-triage
8.04 LTS hardy
Not affected
6.06 LTS dapper Not in release

Notes


jdstrand

webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit.


mdeslaur

webkitkde is a wrapper around qt4-x11's webkit. looks like it was safari only